An April 7 data breach at Douglas Elliman Property Management has potentially exposed thousands of residents’ personal information, including names, birth dates, mailing addresses, Social Security numbers, driver’s license numbers, passport numbers and financial information, according to The Real Deal, which broke the news on Monday.
Douglas Elliman Property Management alerted the co-operative and condominium boards for the more than 56,000 units it manages of the breach on April 19. The units are located in 380 properties across all five boroughs, Long Island, Westchester County and Northern New Jersey.
A source close to the matter told TRD the breach was discovered on April 7, after the company’s IT team noticed suspicious activity on its servers. Douglas Elliman Property Management immediately contacted federal and local law enforcement officials and launched an investigation, which revealed the breach took place between April 5 and April 7 and impacted residents, property owners and employees.
“We take the security of our IT systems as well as the privacy of our clients very seriously and are continuing to enhance our security protocols to help prevent a similar incident from occurring in the future,” a Douglas Elliman spokesperson told TRD while noting the company’s brokerage and new-development marketing servers aren’t part of the breach.
Douglas Elliman will begin contacting affected residents, property owners and employees on April 23. They’ll be given access to a free, one-year identity theft prevention and credit monitoring membership, and a data breach hotline to ask additional questions.
Douglas Elliman Property Management directors Jim Miller, Elly Pateras and John Janangelo apologized for the breach in an email obtained by the TRD. “We take this matter very seriously [and] we deeply regret any inconvenience or concern this incident may cause,” they said.
In an emailed statement to Inman, a DEPM spokesperson reiterated the information provided to TDR and said the company is “continuing to enhance our security protocols to help prevent a similar incident from occurring in the future.”
“We are not aware of any individual who has experienced identity theft as a result of this incident,” they added.
Data breaches have become increasingly common in the real estate industry, with CoreLogic, StreetEasy, Corcoran and Remine all reporting data breaches over the past three years. Hackers have also upped the ante on the consumer side, with homebuyers losing billions due to phishing and wire fraud scams.